Comments on: Quickies: PalmConnect USB Drivers, Password Decoding
Palm Inc. has released a software driver update that will allow PalmConnect USB adapter users to use the serial to USB adapter on PCs running Windows 2000. This is a pre-release version of these drivers. This software is being provided to users, 'as is', and is unsupported by Palm. -Ed
Password Retrieval and Decoding
SecuriTeam.com has an article on ways to crack the fairly simple encryption on the password used by Palm's built-in Security application. As this article says, "It is possible to obtain an encoded form of the password, determine the actual password due to a weak, reversible encoding scheme, and access a user's private data". -Athan
Article Comments
(6 comments)
The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
Please Login or register here to add your comments.
Comments Closed
This article is no longer accepting new comments.
RE: But it's even easier to get confidential data...
I truly hope...
Palm Data isn't secure in the first place.
Palm 'secret' files aren't actually secret at all. They're just hidden. Each program written for the Palm is supposed to take account of hidden records and not show them.
However, there's nothing forcing applications to obey this rule. Also, hidden records are just stored in the Palm like any other record, without any form of encryption.
So, any resonable Palm developer can write programs to access your hidden data either on the Palm or during a HotSync. Also, any database reader can be used by anyone to look at all the records on the Palm including hidden ones.
Because of this, you should never use the built-in Palm hidden / secret functionality to store private or sensitive data, as it's just not safe at all.
If you wish to store such information on the Palm, you'll want to get some special software that encrypts the information stored. That way not only does it need a password to access it, but anyone looking at the record will just see encypted gobble-de-gook.
There are various encytpion programs on the market, most are either Encypted Memo Pad programs or specific password / pin-code storing applications.
Cheers
Russell
Russell K Bulmer
Noble(star
http://noblestar.com
rbulmer@noblestar.com
+44 797 082 3259
Real connection
I am writing from a school yard in Malaysia.
Latest Comments
- I got one -Tuckermaclain
- RE: Don't we have this already? -Tuckermaclain
- RE: Palm brand will return in 2018, with devices built by TCL -richf
- RE: Palm brand will return in 2018, with devices built by TCL -dmitrygr
- Palm phone on HDblog -palmato
- Palm PVG100 -hgoldner
- RE: Like Deja Vu -PacManFoo
- Like Deja Vu -T_W
But it's even easier to get confidential data...
I wasn't under the impression that it was meant to be terribly secure...
Matt